<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" import="java.util.*" import="java.security.*" errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="javascript" type="text/javascript">
// <!CDATA[

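function Button1_onclick() {
    // Click handler for the "Log In" button: submit the login form unless the
    // user name is empty. This is a usability check only; the server-side
    // handler in this page repeats the empty-field test, and nothing here
    // should be treated as input validation.
    var form = document.myForm;
    if (form.username.value == "") {
        alert("UserName Can Not Be Null!");
        // Stop here. The original fell through and submitted the form anyway,
        // because "javascript:" was parsed as a statement label, not a guard.
        return;
    }
    form.submit();
}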

function Button2_onclick() {
    // Click handler for the "Register" button: load the registration page
    // in the current browsing context ("_self"), replacing the login page.
    var registrationPage = "register.jsp";
    var sameWindow = "_self";
    window.open(registrationPage, sameWindow);
}

// ]]>
</script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Island Auctions - Login</title>
</head>

<body>
<table width="100%" height="100%" border="2">
  <tr>
    <td width="22%" height="95"><img src="logo.png" width="163" height="154" alt="Logo" /></td>
    <td width="78%"><h1>Island Auctions</h1>
    <p> Turning Junk Into Money</p></td>
  </tr>
  <tr>
    <td valign="top"><p><a href="index.jsp">Home</a></p>
    <p><a href="Browse.jsp">Browse</a></p>
    <p><a href="index.jsp">Search</a></p>
    <p><a href="profile.jsp">Profile</a></p>
    <p><a href="Users.jsp">Users</a></p>
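    <%
    // Decide which session-dependent navigation links to render.
    // getValue() throws IllegalStateException on an invalidated session; in that
    // case the visitor is treated as anonymous, as the original did.
    boolean navLoggedIn = false;
    boolean navIsManager = false;
    try {
        Object navLogin = session.getValue("login");
        // The login handler at the bottom of this page stores "" as its logged-out
        // marker, so a non-null but empty value must not count as a login.
        navLoggedIn = navLogin != null && !"".equals(navLogin.toString());
        // empLevel is stored from rs.getInt(1), i.e. as a boxed Integer. The original
        // test (== "1") compared object references against a String literal and could
        // never match, so compare by value instead.
        navIsManager = navLoggedIn
                && "1".equals(String.valueOf(session.getValue("empLevel")));
    } catch (java.lang.IllegalStateException e) {
        navLoggedIn = false;
        navIsManager = false;
    }
    // NOTE(review): hiding the link is presentation only. ManageEmployees.jsp has to
    // enforce the employee-level check itself; confirm that it does.
    if (navLoggedIn) {%>
    <p><a href="Logout.jsp">Logout</a></p>
    <%} else {%>
    <p><a href="login.jsp">Login</a></p>
    <%}
    if (navIsManager) {%>
    <p><a href="ManageEmployees.jsp">(Manage Employees)</a></p>
    <%} else {%>
    <br>
    <%}
    // The closing tag used to be emitted only in the manager branch; close the
    // navigation cell on every path so the table markup stays balanced.
    %>
    </td>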

    <td valign="top"> 
        <%
    // Render the generic failure notice when the login handler redirected back
    // with State=Failed. The parameter is only compared against a constant and
    // is never written into the page.
    boolean loginFailed = "Failed".equals(request.getParameter("State"));
    if (loginFailed) {%>
    <p>Username not found or password incorrect.</p>
    <%} %>
    <form name="myForm" action="login.jsp" method="post">

        <span style="font-size: 10pt">User ID :</span>
        <input id="Text1" name="username" type="text" />
        &nbsp; <span style="font-size: 10pt">Password:</span>
        <input id="Password1" name="userpasswd" type="password" />
        &nbsp;
        <input id="Button1" style="width: 70px" type="button" value="Log In" onclick="return Button1_onclick()" />
        &nbsp;
        <input id="Button2" style="width: 70px" type="button" value="Register" onclick="return Button2_onclick()" /><br />
        <br />
        </form></td>
  </tr>
</table>
</body>
</html>
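<%
	// Login / logout handler for this page.
	//
	// Request parameters read: action, username, userpasswd.
	// Session attributes written: login, empLevel (employees), customerID (customers).
	//
	// NOTE(review): this scriptlet runs after the page markup has already been
	// written, so every sendRedirect() below relies on the response buffer not
	// having been flushed yet. Handling the request before any output would be
	// more robust.

	if((request.getParameter("action")!=null)&&	(request.getParameter("action").trim().equals("logout")))
	{
		// "" is this page's logged-out marker. Also drop the role and identity
		// attributes so they cannot outlive the login they belonged to.
		session.putValue("login","");
		session.removeValue("empLevel");
		session.removeValue("customerID");
		response.sendRedirect("/");
		return;
	}
	String username = request.getParameter("username");
	String userpasswd = request.getParameter("userpasswd");

	// SECURITY: the database host, account and password are hard-coded in the page
	// source. They should be supplied by the container (for example a JNDI
	// DataSource) or by configuration kept outside the web root, and the password
	// below should be rotated because it has been stored in source.
	String mysJDBCDriver = "com.mysql.jdbc.Driver";
	String mysURL = "jdbc:mysql://mysql2.cs.stonybrook.edu:3306/jedale";
	String mysUserID = "jedale";
	String mysPassword = "107200855";

	// Every request to this page starts unauthenticated. Clear the role and
	// identity attributes as well, so a previous employee login cannot leave
	// empLevel behind for a later customer login on the same session.
	session.putValue("login","");
	session.removeValue("empLevel");
	session.removeValue("customerID");

	if ((username!=null) &&(userpasswd!=null))
	{
		if (username.trim().equals("") || userpasswd.trim().equals(""))
		{
			response.sendRedirect("index.htm");
		}
		else
		{
			// SECURITY: the submitted password is compared with Person.Pass as-is,
			// which means passwords are stored in plaintext. The previously
			// commented-out unsalted MD5 + Base64 step would not be an adequate
			// replacement; use a salted, deliberately slow password hash
			// (bcrypt, scrypt, Argon2 or PBKDF2) and migrate the stored values.
			java.sql.Connection conn=null;
			java.sql.PreparedStatement empStmt=null;
			java.sql.PreparedStatement custStmt=null;
			java.sql.ResultSet rs=null;
			try {
				Class.forName(mysJDBCDriver).newInstance();

				// Use a private Properties object. The original wrote the database
				// user and password into System.getProperties(), which made them
				// readable JVM-wide.
				java.util.Properties connProps=new java.util.Properties();
				connProps.put("user",mysUserID);
				connProps.put("password",mysPassword);

				//connect to the database
				conn=java.sql.DriverManager.getConnection(mysURL,connProps);
				System.out.println("Connected successfully to database using JConnect");

				conn.setAutoCommit(false);

				// Bind the credentials as parameters. The original concatenated the
				// request values into the SQL text, so a crafted user name or
				// password could change the query and bypass the check.
				empStmt=conn.prepareStatement(" select Employee.EmpLevel from Person, Employee where Person.Username=? and Person.Pass=? and Person.SSN = Employee.EmployeeID");
				empStmt.setString(1,username);
				empStmt.setString(2,userpasswd);
				rs=empStmt.executeQuery();
				if (rs.next())
				{
					System.out.println("Employee Login ");
					// login success
					// NOTE(review): the session id is not rotated on login; issuing a
					// fresh session here would guard against session fixation.
					session.putValue("login",username);
					session.putValue("empLevel",rs.getInt(1));
					response.sendRedirect("index.jsp");
				}
				else
				{
					rs.close();
					custStmt=conn.prepareStatement(" select Person.SSN from Person where Username=? and Pass=?");
					custStmt.setString(1,username);
					custStmt.setString(2,userpasswd);
					rs=custStmt.executeQuery();
					if (rs.next())
					{
						System.out.println("Customer Login ");
						// login success
						// NOTE(review): Person.SSN doubles as the customer identifier and
						// ends up in session state; a surrogate key would keep it out.
						session.putValue("login",username);
						session.putValue("customerID",rs.getInt(1));
						response.sendRedirect("index.jsp");
					}
					else
					{
						// Do not log the submitted password (the original printed it
						// to stdout in clear text).
						System.out.println("Login failed");
						response.sendRedirect("login.jsp?State=Failed");
						session.invalidate();
					}
				}
			} catch(Exception e)
			{
				// Fails closed: no login attribute is set when anything above throws.
				e.printStackTrace();
			}
			finally{
				// Release JDBC resources in reverse order of acquisition; a failure
				// while closing must not mask the outcome of the login attempt.
				if (rs!=null) { try{rs.close();}catch(Exception ee){} }
				if (empStmt!=null) { try{empStmt.close();}catch(Exception ee){} }
				if (custStmt!=null) { try{custStmt.close();}catch(Exception ee){} }
				if (conn!=null) { try{conn.close();}catch(Exception ee){} }
			}
		}
	}
%>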